Noptri Public Security has released a working Skype zero day vulnerability with POC for Skype. Skype users need be aware of this vulnerability.
Vendor:
Vendor:
======= Skype - http://www.skype.com/ Affected Product: ================= Skype in version <= 5.5.0.113 Affected Platforms: =================== Windows (XP, Vista, 7)
Problem Description:
====================
Skype suffers from a persistent code injection vulnerability due to a lack
of input validation and output sanitization of following profile entries:
[+] home
[+] office
[+] mobilePOC of Skype 0day vulnerability
The following HTML codes can be used to trigger the described vulnerability:
--- SNIP ---
[+] Home Phone Number:
<b>INJECTION HERE</b>
[+] Office Phone Number:
<center><i>INJECTION HERE</i></center>
[+] Mobile Phone Number:
<a href="#">INJECTION HERE</a>
--- SNIP ---By using this code An attacker could for example inject HTML/Javascript code. It has not been verified though, if it's possible to hijack cookies or to attack the underlying operating system. Attacker could give a try using extern .js filesSubscribe To Our Articles
PLEASE HELP US SHARE THIS ARTICLE
0Awesome Comments!